We have implemented our business continuity plans and have
recovered our regular client-facing operations.

The majority of our systems have been up and running for some
days now and our offices have largely returned to business as
usual.

We would like to thank our clients and our staff for their
support as we enter the final phase of our recovery this
week.

Contacting TMF Group Employees

Your usual contacts can be reached at their TMF Group email
address, on their office phone or mobile phone numbers. Each TMF
Group office lists their reception phone numbers via the
'country page' section on this website, just click the
'our locations' drop down and make a selection.

Whilst we continue to restore our IT systems, we politely ask
clients to resend any emails they may have sent between Tuesday 27
June and Thursday 29 June. As our email servers come back online we
will have a significant backlog of emails waiting and we want to be
sure we can prioritise our responses. Thank you for your
co-operation.

TMF Group Statement (Updated: 07 July 15:00 BST)

Since the time of the incident, our teams have worked very hard
to continue to operate the business, serve our clients and progress
recovery activities. A critical majority of the affected
systems are up and running again with many countries expecting to
return to business as usual from Monday. We have seen no
re-infection.

We will continue to share updates as we have them, and would
like to thank our clients for their understanding and patience.

TMF Group Statement (Updated: ?06 July 10:00 BST?)

We are pleased to confirm that data and file exchange capability
with our clients has resumed and we continue to focus on our
obligations to our clients and address any backlogs.

All TMF Group applications have been through an extensive
hygiene process prior to restoration to ensure integrity and
availability. We are dedicated to resuming business as usual as
soon as possible and doing so in a way that continues to safeguard
data.

We understand many of our clients would like more technical
detail. We wholeheartedly thank our clients for their ongoing
support and will engage as soon as our teams have finished their
recovery work.

We will continue to share updates as we have them, and would
like to thank our clients for their understanding and patience.

TMF Group Statement (Updated: ?03 July 15:00 BST?)

Our 450+ global IT experts continue to work with industry
leading agencies and cyber-security experts to resolve the IT
issues facing many global businesses since the events of last
Tuesday.

We can confirm that no client data has been compromised. The
team has removed the software we believe the virus originated from
and is treating certain jurisdictions in isolation.

They have made impressive progress across over 120 offices in
more than 80 countries in restoring the network, connectivity, file
servers and the rebuild of desktops and laptops for 7000+
employees. We have engaged additional engineers to reinforce our
global efforts and are pleased to say all staff are now back on
email.

Our priority is to continue the restoration process in a safe
and controlled way to ensure we do not jeopardise the progress we
continue to make. The safeguarding of our clients' data and our
obligations to them remains our upmost concern.

We will continue to share updates as we have them, and would
like to thank our clients and staff who continue to work with us to
resolve the situation.

TMF Group Statement (Updated 02 July 2017, 21:00 BST)

Our 450+ global
IT experts continue to work with industry leading agencies and
cyber-security experts to resolve the IT issues facing many global
businesses since the events of last Tuesday.

They have made impressive progress across over 120 offices in
more than 80 countries. Our priority is to continue the restoration
process in a safe and controlled way to ensure we do not jeopardise
the progress we continue to make. The safeguarding of our
clients' data and our obligations to them remain our utmost
concern.

To date, our IT team has made very significant progress in
restoring the network, connectivity, end-points, file servers,
email and the rebuild of desktops and laptops for 7000+ employees.
The team has further removed the software we believe the virus
originated from and is treating certain jurisdictions in isolation.
We will continue to share updates as we have them and thank you for
your understanding.

TMF Group Statement (Updated 30 June 2017, 13:00 BST)

We continue to
prioritise resolving the IT issues some of our TMF Group offices
have experienced as a result of the virus currently affecting many
businesses around the world. We believe the virus started within
the tax filing system MEDoc which we use in the Ukraine.

The ransomware virus was first detected at 11:03 BST on Tuesday
27 June. As previously communicated, our Business Continuity Plans
were activated immediately and we suspended our systems as a
precaution. Since 12:30 BST on the same day, we have been working
on restoring services and eradicating the virus from the network.
There is a Digital Forensics Investigation and a technical Root
Cause Analysis also in progress.

We can confirm the integrity of our data was not affected in
this incident due to the prompt action taken, however, the
underlying operating system and Master Boot Files were encrypted
thus preventing access to the system and data across many systems.
This has had a global impact and all servers and systems are being
rebuilt to fully eradicate the risk of future outbreaks. Critical
systems are being restored as a priority in addition to going
through hygiene processes to ensure the integrity and availability
of systems. There has been no re-infection and we are working
around the clock to have all offices online as soon as
possible.

We have robust processes in place and we continue to work with
external agencies and cyber-security experts, and expect to start
to return to normal operations from Monday 3 July. We have
implemented an interim email service for all TMF Group employees,
and we continue to restore services in a safe and controlled
manner.

We would like to express our gratitude for the understanding
shown by our clients and we will continue to issue updates on a
regular basis.

TMF Group Statement (Updated 29 June 2017, 15:00 BST)

We continue to prioritise resolving the IT issues some of our
TMF Group offices have experienced as a result of the virus
currently affecting many businesses around the world. We believe
the virus started within the tax filing system MEDoc which we use
in the Ukraine.

As previously communicated, we suspended our systems as a
precaution and our reviews show no evidence of data being
compromised. We have robust processes in place and we continue to
work with external agencies and cyber-security experts to return to
normal operations. We have implemented an interim email service for
all TMF Group employees, and we continue to restore services in a
safe and controlled manner.

We will continue to issue updates on a regular basis and
apologise for any inconvenience caused.

TMF Group Statement (Updated 28 June 2017, 12:00 BST)

We confirm that a number of TMF Group offices are experiencing
IT issues related to the virus currently affecting many businesses
around the world. We have suspended our systems as a precaution and
at this stage have no evidence to suggest our client data has been
compromised.

We have robust processes in place and are working to restore our
services in a safe and controlled manner.

We will continue to issue updates on a regular basis and
apologise for any inconvenience caused.

To print this article, all you need is to be registered on Mondaq.com.

Click to Login as an existing user or Register so you can print this article.